diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
new file mode 100644
index 0000000..1f42d10
--- /dev/null
+++ b/.github/workflows/molecule.yml
@@ -0,0 +1,24 @@
+---
+name: Test deployment
+'on':
+ pull_request:
+ push:
+ schedule:
+ # Run every Wednesday at 01:42
+ - cron: "42 1 * * 3"
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out codebase
+ uses: actions/checkout@v2
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+ - name: Install dependencies
+ run: pip3 install yamllint
+ - name: Lint repository
+ run: yamllint .
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..25a4eb7
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reconfigure the tunnel
+ ansible.builtin.service:
+ name: wg-quick@pdostal
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..57be56a
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,14 @@
+---
+galaxy_info:
+ role_name: wireguard
+ namespace: pdostal
+ author: Pavel Dostál
+ description: Configurable wireguard host
+ company: pdostal
+ license: license MIT
+ min_ansible_version: "2.9"
+ platforms:
+ - name: opensuse
+ galaxy_tags:
+ - wireguard
+dependencies: []
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..ac22c5b
--- /dev/null
+++ b/tasks/configure.yml
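Review bot: The two `uses:` steps pin `actions/checkout@v2` and `actions/setup-python@v2` by mutable major tag and `pip3 install yamllint` installs whatever version is current, so the job's supply chain is not reproducible; pin the actions to full commit SHAs with the tag in a trailing comment (`uses: actions/checkout@<sha>  # v2`) and pin yamllint (`pip3 install 'yamllint==<version>'`). The workflow also declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope even though linting needs only `permissions:` / `  contents: read`. As a naming point, the file is called molecule.yml and the workflow "Test deployment", but the only job is yamllint — rename it (e.g. `lint.yml`, `name: Lint`) or add the molecule job the name promises.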
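Review bot: `platforms:` lists only `opensuse`, while the tasks added elsewhere in this commit also install on Archlinux and Debian, so Galaxy metadata understates what the role supports; add `- name: ArchLinux` and `- name: Debian` entries (or drop the branches). `license: license MIT` also reads like a typo for `license: MIT`, which is the form Galaxy expects.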
@@ -0,0 +1,19 @@
+---
+- name: Generate configuration file
+ ansible.builtin.template:
+ src: wireguard.j2
+ dest: "/etc/wireguard/pdostal.conf"
+ owner: root
+ group: root
+ mode: '0700'
+- name: Do not count this as a failure
+ ansible.builtin.command: "systemctl start wg-quick@pdostal"
+ ignore_errors: yes
+- name: Do not count this as a failure1
+ ansible.builtin.command: "journalctl --no-tail -u wg-quick@pdostal"
+ register: journalctl
+ ignore_errors: yes
+- name: journalctl
+ debug:
+ var: journalctl.stdout_lines
+ #notify: Reconfigure the tunnel
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..a58d384
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- ansible.builtin.import_tasks: prepare.yml
+- ansible.builtin.import_tasks: configure.yml
diff --git a/tasks/prepare.yml b/tasks/prepare.yml
new file mode 100644
index 0000000..3eee0ee
--- /dev/null
+++ b/tasks/prepare.yml
@@ -0,0 +1,27 @@
+---
+- name: Print some debug information
+ vars:
+ msg: |
+ Ansible Distribution: {{ ansible_distribution }}
+ Ansible Dist version: {{ ansible_distribution_version }}
+ Ansible OS family: {{ ansible_os_family }}
+ debug:
+ msg: "{{ msg.split('\n') }}"
+- name: Install latest version on Archlinux
+ community.general.pacman:
+ name:
+ - wireguard-tools
+ state: present
+ when: ansible_distribution == 'Archlinux'
+
+- name: Install latest version on Debian
+ ansible.builtin.apt:
+ name: wireguard
+ state: present
+ when: ansible_distribution == 'Debian'
+
+- name: Install latest version on openSUSE
+ community.general.zypper:
+ name: wireguard-tools
+ state: present
+ when: ansible_os_family == "Suse"
diff --git a/templates/wireguard.j2 b/templates/wireguard.j2
new file mode 100644
index 0000000..bdb7ff0
--- /dev/null
+++ b/templates/wireguard.j2
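Review bot: The rendered `/etc/wireguard/pdostal.conf` holds the host's WireGuard private key, yet the template task gives it `mode: '0700'` (an executable bit a config file never needs — `"0600"` is the right mode) and, when the play is run with `--diff`, Ansible prints the template diff including `PrivateKey` to the controller's output; set `diff: false` on the task (or `no_log: true`, at the cost of hiding errors). The `systemctl start` run through `ansible.builtin.command` with `ignore_errors: yes` is not idempotent, never enables the unit at boot, and masks a tunnel that failed to come up, while the `#notify: Reconfigure the tunnel` line is commented out, so an already-running tunnel never picks up a changed config — the handler added in this commit is dead code. Replacing the two command tasks with `ansible.builtin.systemd` (`enabled: true`, `state: started`) and restoring the notify on the template task gives an idempotent, failure-reporting sequence; the journalctl dump can then go, or stay behind a `failed_when`/rescue block if the log is still wanted. `ignore_errors: yes` should be `true` in any case (yamllint truthy rule).
```yaml
- name: Generate configuration file
  ansible.builtin.template:
    src: wireguard.j2
    dest: "/etc/wireguard/pdostal.conf"
    owner: root
    group: root
    mode: "0600"
  # rendered file contains PrivateKey: keep it out of --diff output
  diff: false
  notify: Reconfigure the tunnel

- name: Enable and start the tunnel
  ansible.builtin.systemd:
    name: wg-quick@pdostal
    enabled: true
    state: started
# … removed: the journalctl command/debug tasks …
```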
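Review bot: The Debian branch guards on `when: ansible_distribution == 'Debian'` while the openSUSE branch uses `ansible_os_family`, so Ubuntu and other Debian-family hosts match neither condition and get no package installed, which the later `systemctl start` then hides; `when: ansible_os_family == 'Debian'` is the consistent, wider check (and the Arch branch could use the same family-based form). The task names say "Install latest version" but every task uses `state: present`, which only installs if absent — either rename them to "Install ..." or use `state: latest` deliberately. The debug task that prints distribution facts is noise in a role task list; if kept, consider `verbosity: 1` so it only shows with `-v`.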
@@ -0,0 +1,19 @@
+[Interface]
+Address = {{ address }}
+ListenPort = 51871
+PrivateKey = {{ private_key }}
+
+{% for host in groups['all'] %}
+{% if hostvars[host]['inventory_hostname'] != inventory_hostname %}
+[Peer]
+# {{ hostvars[host]['inventory_hostname'] }}
+PublicKey = {{ hostvars[host]['public_key'] }}
+AllowedIPs = {{ hostvars[host]['allowed_ips'] }}
+{% if hostvars[host]['endpoint'] is defined %}
+Endpoint = {{ hostvars[host]['endpoint'] }}
+{% endif %}
+PersistentKeepalive = 25
+
+{% endif %}
+{% endfor %}
+
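Review bot: `PrivateKey = {{ private_key }}` pulls the host's private key straight from inventory variables, so the role only stays safe if `private_key` is an Ansible Vault–encrypted value per host; a header comment in the template (or the role README) should state that requirement, since nothing in the role enforces it. The peer loop walks `groups['all']`, which treats every inventory host as a WireGuard peer: any host that lacks `public_key` or `allowed_ips` makes templating fail with an undefined variable, and unrelated hosts that do define them are silently added to the mesh — iterate a dedicated group instead, e.g. `{% for host in groups['wireguard'] %}`, or guard with `{% if hostvars[host]['public_key'] is defined %}`. `ListenPort = 51871` is hard-coded while `address` is a variable; `ListenPort = {{ listen_port | default(51871) }}` keeps the current default and lets hosts override it.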